Which member of the CSIRT discovers the nature of the security breach, restores data, and recommends solutions to prevent future attacks? Lead Investigator Incident Manager Team Leader HR Lead
Added by Daniel C.
Step 1
Step 1: Identify the roles within the CSIRT (Computer Security Incident Response Team) and their responsibilities. Show more…
Show all steps
Your feedback will help us improve your experience
Akash M and 58 other AP CS educators are ready to help you.
Ask a new question
Labs
Want to see this concept in action?
Explore this concept interactively to see how it behaves as you change inputs.
Key Concepts
Recommended Videos
Study the following scenario and discuss and determine the incident response handling questions that should be asked at each stage of the incident response process. Consider the details of the organization and the CSIRC when formulating your questions. This scenario is about a small, family-owned investment firm. The organization has only one location and fewer than 100 employees. On a Tuesday morning, a new worm is released; it spreads itself through removable media, and it can copy itself to open Windows shares. When the worm infects a host, it installs a DDoS agent. It was several hours after the worm started to spread before antivirus signatures became available. The organization had already incurred widespread infections. The investment firm has hired a small team of security experts who often use the diamond model of security incident handling. Preparation:____________________________________________
Akash M.
On a Thursday afternoon, a network intrusion detection sensor records vulnerability scanning activity directed at internal hosts that is being generated by an internal IP address. Because the intrusion detection analyst is unaware of any authorized, scheduled vulnerability scanning activity, she reports the activity to the incident response team. When the team begins the analysis, it discovers that the activity has stopped and that there is no longer a host using the IP address. The following are additional questions for this scenario: 1. What data sources might contain information regarding the identity of the vulnerability scanning host? 2. How would the team identify who had been performing the vulnerability scans? 3. How would the handling of this incident differ if the vulnerability scanning were directed at the organization's most critical hosts? 4. How would the handling of this incident differ if the vulnerability scanning were directed at external hosts? 5. How would the handling of this incident differ if the internal IP address was associated with the organization's wireless guest network? 6. How would the handling of this incident differ if the physical security staff discovered that someone had broken into the facility half an hour before the vulnerability scanning occurred?
The LMJ-Ad corporate management has been informed by the network administration team that there was a malware/ransomware attack and infection overnight at the system level, now spreading to the network enterprise-level, requiring the incident response team to take immediate action. The infection came from a malware attachment on a phishing email and was reported by a user with a priority trouble ticket. Initial interviews suggest the incident may have come from an internal employee. Provide an investigative report. General Incident Information Cover page Date: Incident POC Name Time: Incident POC Name Time: Incident POC Email Initial Identification Section 1.0: Date, Time, and time zone for the first detection. Section 2: Impacted Personnel: List name and contact information for any personnel involved in the detection and initial investigation. Section 3.0: Incident Detection Specific. How was the incident detected? Suspicious network traffic pattern, ransomware, or malware alerts from anti-virus/malware software? Section 4.0: Threat Identification. What do you think? Section 5: Infected Resources. List of system and network components involved, both at the system level.
Recommended Textbooks
Computer Science and Information Technology
Introduction to Programming Using Python
Computer Science - An Overview
Transcript
18,000,000+
Students on Numerade
Trusted by students at 8,000+ universities
Watch the video solution with this free unlock.
EMAIL
PASSWORD